The Ease of Hacking VoIP

Most of the 300,000 privately owned IP PBX systems throughout the U.S. are “wide open” to anyone that wants to hack them, says ChannelWeb. Compounding matters are a lack of regulatory interest and failure of vendors to disclose vulnerabilities.

With VoIP systems being implemented on data LANs and blended with other software for unified communications solutions, the potential for mischief can get very large very quickly. VoIPshield has been posting and demonstrating publicly documented (i.e. available through The Google) hacks. While Cisco Call Manager gets a workout on how easy it is to exploit, the real problem lies in companies not updating their VoIP and IP PBX software with the latest security patches and fixes like they do all with all their other software.

If you’re not worried yet, there’s a free utility called VoIPhopper to jump between voice and data VLANs so one can easily bypass firewalls and nearly all the IDS software for sale today. 

For more:
- Hacking VoIP is easy, reports ChannelWeb

Related articles:
Last HOPE Launches Security Season
SPOTLIGHT: Survey: U.S. firms lax about VoIP security